Please provide me with steps to add email alerting in ELK . Alerting with Logstash.
This question is too open to be answered in a meaningful way. I will say though that Logstash isn't very good for alerting. You might find Elastic's Watcher product useful, or maybe you should look into a real monitoring product like Nagios or Icinga.
1 Like
As output, you can use "email" output plugin. I presume you already guess that.
In filter part, you add tag "email" to events that are relevant for an email.
And in output part :
output {
if "email" in [tags] {
email {
...
}
}
}
That said, in filter part, all depends what you exactly want to do...
Another way to do what Elastic Watcher do, but in open source :
https://elastalert.readthedocs.io
1 Like
Thanks trying to use elastalert
And to be complete, throttle logstash filter is really nice to detect problems to generate alerts.
For example : more than 30 errors in 1 minute.
1 Like